MOVEit zero-day exploit and the U.S. iPhone hack accusation
MOVEit discloses zero-day exploit causing mass data theft, Russia accuses U.S. intelligence of hacking thousands of iPhones and the Magecart-cart style web skimmer. Catch all this and more in this week’s edition of Cybersecurity Weekly.
Phishing simulations & training
1. Hackers mass exploited MOVEit Transfer zero-day to steal data
Hackers are actively exploiting a critical zero-day vulnerability, tracked as CVE-2023-34362, in the MOVEit Transfer file transfer software developed by Ipswitch. The flaw allows remote code execution and data theft, affecting thousands of exposed servers, primarily in the U.S. Although the motive of the threat actors is unclear, organizations should prepare for possible extortion and publication of stolen data. The MOVEit Cloud platform was also impacted by the vulnerability, with users being urged to investigate for potential data theft.
2. Russia says U.S. hacked thousands of iPhones to spy on diplomats
Russia has accused the U.S. of hacking thousands of iPhones belonging to Russian and foreign diplomats. The Federal Security Service (FSB) alleged that Apple worked closely with U.S. spy agencies but provided no evidence. Separately, Kaspersky Lab reported a targeted cyberattack on its senior employees using an invisible iMessage with a malicious attachment. A company spokesman stated that Russian authorities believe the attacks are linked but didn’t directly attribute them to the United States.
3. New Magecart-style campaign targeting legitimate e-commerce sites
Cybersecurity researchers have discovered an ongoing Magecart-style web skimmer campaign that poses a significant threat to e-commerce websites. The campaign involves hijacking vulnerable sites and using them as command-and-control servers. Notably, the attackers employ evasion techniques, disguising the skimmer code as popular third-party services such as Google Analytics. The compromised websites unwittingly distribute the malware to other vulnerable sites, amplifying the attack's impact. This sophisticated campaign targets websites globally, jeopardizing the personal data and credit card information of thousands of visitors.
4. North Korean hackers impersonating journalists to collect intel
The North Korean hacker group Kimsuky, also known as APT43, has been conducting spear-phishing campaigns to gather intelligence. Kimsuky impersonates journalists and academics, using convincing tactics to deceive targets. Multiple government agencies in the U.S. and South Korea have issued a joint advisory highlighting the group's activities. The advisory emphasizes the need for strong passwords and multi-factor authentication as essential measures to mitigate this threat. It also cautions against enabling macros or opening attachments from unknown sources.
5. Hackers using stealthy SeroXen RAT to target gamers
Cybercriminals are increasingly targeting gamers using a fileless RAT (remote access trojan) called SeroXen, which is distributed through social media and hacker forums. This malware combines various open-source projects, making it highly effective at evading detection. SeroXen is delivered through Discord channels or phishing emails using a hidden batch file that installs the final payload as rootkit arrays. The malware is primarily aimed at the gaming community, available for as little as $15-$30 per month. Its low cost and undetectable nature pose significant threats, prompting cybersecurity researchers to raise awareness and highlight its capabilities.
See Infosec IQ in action
- Reduce security events
- Reinforce cyber secure behaviors
- Strengthen cybersecurity culture at your organization
In this Series
- MOVEit zero-day exploit and the U.S. iPhone hack accusation
- Canada Flipper Zero ban and new RustDoor macOS malware
- AnyDesk hack and iPhone patched kernel flaw
- Tesla Pwn2Own hacks and iOS push alerts abuse
- TeamViewer breach and Atlassian Jira outage
- Moscow ISP revenge hack and Microsoft Sharepoint bug warning
- X verified accounts hack and SpectralBlur macOS malware
- CISA default password alert and SOHO KV-botnet campaign
- New 5G modem flaws and Apple’s data breach report
- Staples cyberattack, Agent Racoon backdoor and other news
- British Library ransomware attack, Windows fingerprint authentication bypass
- Samsung UK data breach and ransomware actor’s SEC complaint
- ICBC ransomware attack and ChatGPT outage
- Boeing Lockbit ransomware attack, Apple’s vulnerability and WhatsApp mods spyware
- Octo Tempest hacking group and new iLeakage attack
- Okta support system breach and Google Ads fake KeePass campaign
- Skype DarkGate malware, Shadow PC breach and AvosLocker ransomware warning
- 23andMe data theft, MGM’s $100M ransomware loss and the Azure VM breach
- Malicious Bing Chat ads and FBI’s dual ransomware warning
- T-Mobile app glitch and fake Booking.com pages
- Airbus data leak, Cisco Webex ad malware and €345 million TikTok fine
- New Apple iMessage exploit and CISA’s Apache RocketMQ warning
- Forever 21 data breach and Android BadBazaar espionage
- Duolingo data leak and the Met Police IT hack
- Discord.io data breach and Ivanti Avalanche vulnerabilities
- UK Electoral Commission hack and Microsoft’s role in China email breach
- Salesforce email zero-day exploit and Microsoft Power Platform criticism
- Airlines disclose pilot data breach and the Microsoft Teams bug
- GravityRAT Android Trojan and new MOVEit Transfer flaw
- University of Manchester hack and Honda API flaws
- Daam Android virus and Barracuda zero-day flaw
- TP-Link router exploit and 18-year-old charged with hacking DraftKings accounts
- Discord support hack and Toyota location data leak
- Twitter private tweets bug and Cisco phone router vulnerabilities
- Cisco XSS zero-day flaw and PaperCut vulnerabilities
- 3CX hackers hit critical infrastructure and secondhand routers cause security concerns
- Hyundai data breach and Microsoft’s warning to accountants
- Western Digital cloud breach and the MSI ransomware hack
- TMX loan data breach, Italy bans ChatGPT and WordPress Elementor Pro exploit
- ChatGPT data leak and Gmail message theft by North Korean hackers
- U.S. federal agency hack and the return of FakeCalls Android malware
- Massive AT&T data breach and fake jobs targeting security researchers
- U.S. Marshals service breach and TPM 2.0 security flaws
- Dangerous ChatGPT apps and food giant Dole ransomware attack
- GoDaddy malware installations, record-breaking DDoS attack and the new WhiskerSpy malware
- Reddit’s employees phished, healthcare firms targeted and the new Screenshotter malware
- JD Sports data breached, VMware ESXi servers attacked and the HeadCrab malware
- Yandex source code leaked, 4500+ WordPress sites hacked and the new SwiftSlicer malware
- PayPal accounts breached, Fortinet VPN flaw exploited, and the new Hook malware
- Twitter users’ emails leaked, ChatGPT used to write malware and Slack’s repository breach
- Uber data leaked, 48 DDoS-for-hire domains seized and Facebook posts phishing attack
We’ll customize our demo to your
- Security awareness goals
- Existing security and employee training tools
- Industry and compliance requirements
